Exploit tool for NextJS. Contribute at github. https://github.com/vonuyvicoo/nextploiter
npm install nextploiternextploiter
=================
Exploit tool for NextJS
sh-session
$ npm install -g nextploiter
$ nextploiter COMMAND
running command...
$ nextploiter (--version)
nextploiter/1.0.0 darwin-arm64 node-v24.12.0
$ nextploiter --help [COMMAND]
USAGE
$ nextploiter COMMAND
...
`
Commands
* [](#nextploiter-help-command)
* nextploiter plugins
*
*
*
*
* [](#nextploiter-plugins-remove-plugin)
* nextploiter plugins reset
* [](#nextploiter-plugins-uninstall-plugin)
* [nextploiter plugins unlink [PLUGIN]](#nextploiter-plugins-unlink-plugin)
* nextploiter plugins update
*
*
*
*
*
*
* Display help for nextploiter.
USAGE
$ nextploiter help [COMMAND...] [-n]ARGUMENTS
[COMMAND...] Command to show help for.
FLAGS
-n, --nested-commands Include all nested commands in the output.
DESCRIPTION
Display help for nextploiter.
_See code: @oclif/plugin-help_
List installed plugins.
USAGE
$ nextploiter plugins [--json] [--core]FLAGS
--core Show core plugins.
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
List installed plugins.
EXAMPLES
$ nextploiter plugins
_See code: @oclif/plugin-plugins_
Installs a plugin into nextploiter.
USAGE
$ nextploiter plugins add PLUGIN... [--json] [-f] [-h] [-s | -v]ARGUMENTS
PLUGIN... Plugin to install.
FLAGS
-f, --force Force npm to fetch remote resources even if a local copy exists on disk.
-h, --help Show CLI help.
-s, --silent Silences npm output.
-v, --verbose Show verbose npm output.
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Installs a plugin into nextploiter.
Uses npm to install plugins.
Installation of a user-installed plugin will override a core plugin.
Use the NEXTPLOITER_NPM_LOG_LEVEL environment variable to set the npm loglevel.
Use the NEXTPLOITER_NPM_REGISTRY environment variable to set the npm registry.
ALIASES
$ nextploiter plugins add
EXAMPLES
Install a plugin from npm registry.
$ nextploiter plugins add myplugin
Install a plugin from a github url.
$ nextploiter plugins add https://github.com/someuser/someplugin
Install a plugin from a github slug.
$ nextploiter plugins add someuser/someplugin
Displays installation properties of a plugin.
USAGE
$ nextploiter plugins inspect PLUGIN...ARGUMENTS
PLUGIN... [default: .] Plugin to inspect.
FLAGS
-h, --help Show CLI help.
-v, --verbose
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Displays installation properties of a plugin.
EXAMPLES
$ nextploiter plugins inspect myplugin
_See code: @oclif/plugin-plugins_
Installs a plugin into nextploiter.
USAGE
$ nextploiter plugins install PLUGIN... [--json] [-f] [-h] [-s | -v]ARGUMENTS
PLUGIN... Plugin to install.
FLAGS
-f, --force Force npm to fetch remote resources even if a local copy exists on disk.
-h, --help Show CLI help.
-s, --silent Silences npm output.
-v, --verbose Show verbose npm output.
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Installs a plugin into nextploiter.
Uses npm to install plugins.
Installation of a user-installed plugin will override a core plugin.
Use the NEXTPLOITER_NPM_LOG_LEVEL environment variable to set the npm loglevel.
Use the NEXTPLOITER_NPM_REGISTRY environment variable to set the npm registry.
ALIASES
$ nextploiter plugins add
EXAMPLES
Install a plugin from npm registry.
$ nextploiter plugins install myplugin
Install a plugin from a github url.
$ nextploiter plugins install https://github.com/someuser/someplugin
Install a plugin from a github slug.
$ nextploiter plugins install someuser/someplugin
_See code: @oclif/plugin-plugins_
Links a plugin into the CLI for development.
USAGE
$ nextploiter plugins link PATH [-h] [--install] [-v]ARGUMENTS
PATH [default: .] path to plugin
FLAGS
-h, --help Show CLI help.
-v, --verbose
--[no-]install Install dependencies after linking the plugin.
DESCRIPTION
Links a plugin into the CLI for development.
Installation of a linked plugin will override a user-installed or core plugin.
e.g. If you have a user-installed or core plugin that has a 'hello' command, installing a linked plugin with a 'hello'
command will override the user-installed or core plugin implementation. This is useful for development work.
EXAMPLES
$ nextploiter plugins link myplugin
_See code: @oclif/plugin-plugins_
Removes a plugin from the CLI.
USAGE
$ nextploiter plugins remove [PLUGIN...] [-h] [-v]ARGUMENTS
[PLUGIN...] plugin to uninstall
FLAGS
-h, --help Show CLI help.
-v, --verbose
DESCRIPTION
Removes a plugin from the CLI.
ALIASES
$ nextploiter plugins unlink
$ nextploiter plugins remove
EXAMPLES
$ nextploiter plugins remove myplugin
Remove all user-installed and linked plugins.
USAGE
$ nextploiter plugins reset [--hard] [--reinstall]FLAGS
--hard Delete node_modules and package manager related files in addition to uninstalling plugins.
--reinstall Reinstall all plugins after uninstalling.
_See code: @oclif/plugin-plugins_
Removes a plugin from the CLI.
USAGE
$ nextploiter plugins uninstall [PLUGIN...] [-h] [-v]ARGUMENTS
[PLUGIN...] plugin to uninstall
FLAGS
-h, --help Show CLI help.
-v, --verbose
DESCRIPTION
Removes a plugin from the CLI.
ALIASES
$ nextploiter plugins unlink
$ nextploiter plugins remove
EXAMPLES
$ nextploiter plugins uninstall myplugin
_See code: @oclif/plugin-plugins_
Removes a plugin from the CLI.
USAGE
$ nextploiter plugins unlink [PLUGIN...] [-h] [-v]ARGUMENTS
[PLUGIN...] plugin to uninstall
FLAGS
-h, --help Show CLI help.
-v, --verbose
DESCRIPTION
Removes a plugin from the CLI.
ALIASES
$ nextploiter plugins unlink
$ nextploiter plugins remove
EXAMPLES
$ nextploiter plugins unlink myplugin
Update installed plugins.
USAGE
$ nextploiter plugins update [-h] [-v]FLAGS
-h, --help Show CLI help.
-v, --verbose
DESCRIPTION
Update installed plugins.
_See code: @oclif/plugin-plugins_
Used for running javascript code at the remote server.
USAGE
$ nextploiter rceDESCRIPTION
Used for running javascript code at the remote server.
_See code: src/commands/rce/index.ts_
Helper to list return files in the server. May not work for serverless systems.
USAGE
$ nextploiter rce access-files --baseURL FLAGS
--baseURL= (required)
DESCRIPTION
Helper to list return files in the server. May not work for serverless systems.
_See code: src/commands/rce/access-files.ts_
Helper that uses process.exit to shutdown remote server.
USAGE
$ nextploiter rce kill-server --baseURL FLAGS
--baseURL= (required)
DESCRIPTION
Helper that uses process.exit to shutdown remote server.
_See code: src/commands/rce/kill-server.ts_
Helper that iterates through process.env to scrape all environment variables.
USAGE
$ nextploiter rce list-env --baseURL FLAGS
--baseURL= (required)
DESCRIPTION
Helper that iterates through process.env to scrape all environment variables.
_See code: src/commands/rce/list-env.ts_
Helper to list all files in the server. May not work for serverless systems.
USAGE
$ nextploiter rce list-files --baseURL [--dir ]FLAGS
--baseURL= (required) Base URL of server to attack
--dir= [default: .] Directory for ls command
DESCRIPTION
Helper to list all files in the server. May not work for serverless systems.
_See code: src/commands/rce/list-files.ts_
Helper to access files using the exposed Node process and utilizes process.binding, may depend on Node version.
USAGE
$ nextploiter rce process-access-files --baseURL --path FLAGS
--baseURL= (required)
--path= (required)
DESCRIPTION
Helper to access files using the exposed Node process and utilizes process.binding, may depend on Node version.
_See code: src/commands/rce/process-access-files.ts_
Helper that spawns a terminal.
USAGE
$ nextploiter rce spawn-terminal --baseURL FLAGS
--baseURL= (required)
DESCRIPTION
Helper that spawns a terminal.
_See code: src/commands/rce/spawn-terminal.ts_